This is the tool that GitLab uses to screen vendors, prospects, and customers for sanctions.
What is Risk Rate?
This consequence specifically affects GitLab's ability to do business with the government.
What is debarment?
The GitLab document that establishes standards of business conduct and must be acknowledged annually by all team members.
What is the Code of Business Conduct and Ethics?
This 2016 EU regulation governs data protection and privacy for EU citizens and has extraterritorial reach.
What is the GDPR?
This U.S. law governs interactions with government officials and prohibits bribery.
What is the Foreign Corrupt Practices Act (FCPA)?
At GitLab, sanctions screening fails without this information when the prospect or customer is located in Canada.
What is province? Also acceptable: Account Name or Account Address
Knowingly ignoring red flags can result in this internal GitLab action.
What is disciplinary action?
This policy protects team members who report violations in good faith.
What is the Anti-Retaliation Policy (or Whistleblower Policy)?
This is information that can be used to identify an individual.
What is personal data?
This is the maximum value per person per event for gifts or entertainment to foreign government officials without pre-approval.
What is $80?
Unusual payment requests, vague business purposes, or evasive answers about end users are examples of these warning signs that require escalation to Ethics & Compliance.
What are red flags?
Companies that violate trade regulations may lose this privilege, preventing them from exporting products or technology.
What are export privileges (or export licenses)?
Team members must contact Ethics & Compliance immediately upon receiving requests related to this type of unauthorized foreign boycott.
What is any boycott-related request?
Under GDPR, companies must report data breaches to supervisory authorities within this many hours.
What is 72 hours?
Contact with foreign officials may require documentation to avoid even the appearance of this prohibited practice.
What is bribery?
When Risk Rate flags a potential match to a sanctioned party, the system puts the account into this status until Legal has a chance to review it.
What is "export hold" or "requires review"?
Under U.S. export control laws, criminal penalties for violations can include fines up to this amount per violation and up to 20 years imprisonment.
What is $1 million?
GitLab's Gifts and Entertainment Policy mentions two major anti-corruption laws: the U.S. Foreign Corrupt Practices Act and this UK law.
What is the UK Bribery Act?
GDPR requires that personal data be collected for specified, explicit purposes and not processed in a manner incompatible with those purposes, known as this principle.
What is purpose limitation?
These small payments to speed up routine government actions are prohibited under the UK Bribery Act and GitLab's Gifts and Entertainment Policy.
What are facilitation payments?
Accounts located in this South American country are treated as high-risk and require further review by GitLab's Trade Compliance Counsel.
What is Venezuela?
Under GDPR, companies can face fines up to this percentage of annual global revenue for serious data protection violations.
What is 4%?
According to GitLab's Gifts and Entertainment Policy, this is the maximum value per person per event for gifts or entertainment to U.S. government officials.
What is $20?
Under GDPR, individuals have this right to request deletion of their personal data under certain circumstances.
What is the right to erasure (or right to be forgotten)?
Providing anything of value to a foreign official with the intent to influence their official actions violates anti-corruption laws and constitutes this illegal act.
What is bribery?